Encrypt SQL LOGIN password immediately

This commit is contained in:
Tobie Morgan Hitchcock 2016-11-22 13:36:57 +00:00
parent 5bfe938fcf
commit bb752eb124
4 changed files with 21 additions and 3 deletions

View file

@ -45,8 +45,8 @@ type TB struct {
type AC struct { type AC struct {
User string User string
Pass string
Uniq string Uniq string
Pass []byte
} }
type TK struct { type TK struct {

View file

@ -214,7 +214,7 @@ type DefineLoginStatement struct {
DB string `cork:"-" codec:"-"` DB string `cork:"-" codec:"-"`
Kind Token `cork:"kind" codec:"kind"` Kind Token `cork:"kind" codec:"kind"`
User string `cork:"user" codec:"user"` User string `cork:"user" codec:"user"`
Pass string `cork:"pass" codec:"pass"` Pass []byte `cork:"pass" codec:"pass"`
} }
// RemoveLoginStatement represents an SQL REMOVE LOGIN statement. // RemoveLoginStatement represents an SQL REMOVE LOGIN statement.

View file

@ -18,6 +18,8 @@ import (
"fmt" "fmt"
"regexp" "regexp"
"time" "time"
"golang.org/x/crypto/bcrypt"
) )
func (p *parser) parseWhat() (mul []Expr, err error) { func (p *parser) parseWhat() (mul []Expr, err error) {
@ -287,6 +289,22 @@ func (p *parser) parseDuration() (time.Duration, error) {
} }
func (p *parser) parseBcrypt() ([]byte, error) {
_, lit, err := p.shouldBe(STRING)
if err != nil {
return nil, &ParseError{Found: lit, Expected: []string{"string"}}
}
val, err := p.declare(STRING, lit)
if err != nil {
return nil, &ParseError{Found: lit, Expected: []string{"string"}}
}
return bcrypt.GenerateFromPassword([]byte(val.(string)), bcrypt.DefaultCost)
}
func (p *parser) parseExpr() (exp Expr, err error) { func (p *parser) parseExpr() (exp Expr, err error) {
// Create the root binary expression tree. // Create the root binary expression tree.

View file

@ -50,7 +50,7 @@ func (p *parser) parseDefineLoginStatement() (stmt *DefineLoginStatement, err er
return nil, err return nil, err
} }
if stmt.Pass, err = p.parseString(); err != nil { if stmt.Pass, err = p.parseBcrypt(); err != nil {
return nil, err return nil, err
} }